Combining Academia and Industry Approach for Secure Coding and Requirements Checklist in S-SDLC: Systematic Literature Review

Authors

  • Anderies Anderies Bina Nusantara University
  • Ika Dyah Agustia Rachmawati Bina Nusantara University
  • Kenny Jingga Bina Nusantara University
  • Calvin Linardy Candra Deakin University

DOI:

https://doi.org/10.21512/emacsjournal.v7i2.13429

Keywords:

Cyber Security, Secure Software Development, Software Engineering, Systematic Literature Review

Abstract

Rapid digital transformation has taken place across governments, organizations and vendors around the world, but this transformation has not been matched by corresponding security protection for digital infrastructure and its applications. For example, in Indonesia one of the largest banks was unable to operate its online and physical services for three consecutive days due to a cyber-attack, and many international organizations have experienced the same or worse, including bankruptcy. Because of this phenomenon the authors performed a systematic literature review and identified two important phases in the secure software development lifecycle (S-SDLC), namely requirements and coding. In this study the authors compose 18 Secure Requirement practices (SREC) and a 72-item Secure Coding Checklist (SCOC) by combining previous academic research with the international standard of open secure coding practices (OSCP), targeting the security vulnerabilities that occur most often to governments, organizations and vendors around the world according to the Open Web Application Security Project (OWASP) Foundation. These checklists can be embedded in the Quality Assurance process to check in sequence whether the requirements and code produced are safe from cyber-attack. Additionally, the checklist approach is simple to understand and can be implemented in popular public consumer automation testing tools, enabling faster software development while maintaining software security.

Author Biographies

Anderies Anderies, Bina Nusantara University

Computer Science Program, Computer Science Department, School of Computer Science

Ika Dyah Agustia Rachmawati, Bina Nusantara University

Cyber Security Program, Computer Science Department, School of Computer Science

Kenny Jingga, Bina Nusantara University

Computer Science Program, Computer Science Department, School of Computer Science

Calvin Linardy Candra, Deakin University

Cyber Security Research, School of Information Technology

Published

2025-05-31

How to Cite

Anderies, A., Rachmawati, I. D. A., Jingga, K., & Candra, C. L. (2025). Combining Academia and Industry Approach for Secure Coding and Requirements Checklist in S-SDLC: Systematic Literature Review. Engineering, MAthematics and Computer Science Journal (EMACS), 7(2), 129–138. https://doi.org/10.21512/emacsjournal.v7i2.13429

Section

Articles